登录
注册
开源
企业版
高校版
搜索
帮助中心
使用条款
关于我们
开源
企业版
高校版
私有云
模力方舟
我知道了
查看详情
登录
注册
5月24日 | Gitee Talk 模力方舟 AI 应用沙龙合肥站,多个 AI+ 项目实践分享,跨行业 AI 场景落地,报名现已开启~
代码拉取完成,页面将自动刷新
开源项目
>
程序开发
>
安全开发相关
&&
捐赠
捐赠前请先登录
取消
前往登录
扫描微信二维码支付
取消
支付完成
支付提示
将跳转至支付宝完成支付
确定
取消
Watch
不关注
关注所有动态
仅关注版本发行动态
关注但不提醒动态
16
Star
37
Fork
18
openEuler
/
safeguard
代码
Issues
12
Pull Requests
1
Wiki
统计
流水线
服务
Gitee Pages
JavaDoc
PHPDoc
质量分析
Jenkins for Gitee
腾讯云托管
腾讯云 Serverless
悬镜安全
阿里云 SAE
Codeblitz
我知道了,不再自动展开
Pull Requests
/
详情
84
添加构建依赖并添加rpm包构建子命令
开启的
游益锋:master
openEuler:master
游益锋
创建于 2025-05-12 23:01
克隆/下载
HTTPS
SSH
复制
下载 Email Patch
下载 Diff 文件
1. bpftool在构建阶段也需要用到,否则会报错 ``` MKDIR /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/bpf.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/btf.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/libbpf.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/libbpf_errno.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/netlink.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/nlattr.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/str_error.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/libbpf_probes.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/bpf_prog_linfo.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/btf_dump.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/hashmap.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/ringbuf.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/strset.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/linker.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/gen_loader.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/relo_core.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/usdt.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/zip.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/elf.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/features.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/libbpf.so.1.4.6 INSTALL bpf.h libbpf.h btf.h libbpf_common.h libbpf_legacy.h bpf_helpers.h bpf_helper_defs.h bpf_tracing.h bpf_endian.h bpf_core_read.h skel_internal.h libbpf_version.h usdt.bpf.h INSTALL /root/rpmbuild/BUILD/safeguard/output/libbpf/libbpf.pc INSTALL /root/rpmbuild/BUILD/safeguard/output/libbpf/libbpf.a /root/rpmbuild/BUILD/safeguard/output/libbpf/libbpf.so /root/rpmbuild/BUILD/safeguard/output/libbpf/libbpf.so.1 /root/rpmbuild/BUILD/safeguard/output/libbpf/libbpf.so.1.4.6 make[2]: Leaving directory '/root/rpmbuild/BUILD/safeguard/libbpf/src' /bin/bash: line 1: bpftool: command not found mkdir -p pkg/bpf/bytecode mkdir -p build clang -g -O2 -target bpf -D__TARGET_ARCH_x86 -I/root/rpmbuild/BUILD/safeguard/output `shell -v -E - </dev/null 2>&1 | sed -n '/<...> search starts here:/,/End of search list./{ s| \(/.*\)|-idirafter \1|p }'` -E pkg/bpf/c/restricted-network.bpf.c -o "pkg/bpf/bytecode/restricted-network.bpf.o.i" clang -g -O2 -target bpf -D__TARGET_ARCH_x86 -I/root/rpmbuild/BUILD/safeguard/output `shell -v -E - </dev/null 2>&1 | sed -n '/<...> search starts here:/,/End of search list./{ s| \(/.*\)|-idirafter \1|p }'` -c pkg/bpf/c/restricted-network.bpf.c -o pkg/bpf/bytecode/restricted-network.bpf.o In file included from pkg/bpf/c/restricted-network.bpf.c:1: In file included from pkg/bpf/c/common_structs.h:2: In file included from /root/rpmbuild/BUILD/safeguard/output/bpf/bpf_helpers.h:11: /root/rpmbuild/BUILD/safeguard/output/bpf/bpf_helper_defs.h:78:90: error: unknown type name '__u64' static long (* const bpf_map_update_elem)(void *map, const void *key, const void *value, __u64 flags) = (void *) 2; ^ /root/rpmbuild/BUILD/safeguard/output/bpf/bpf_helper_defs.h:102:49: error: unknown type name '__u32' static long (* const bpf_probe_read)(void *dst, __u32 size, const void *unsafe_ptr) = (void *) 4; ^ /root/rpmbuild/BUILD/safeguard/output/bpf/bpf_helper_defs.h:114:23: warning: type specifier missing, defaults to 'int' [-Wimplicit-int] static __u64 (* const bpf_ktime_get_ns)(void) = (void *) 5; ^ /root/rpmbuild/BUILD/safeguard/output/bpf/bpf_helper_defs.h:114:8: warning: type specifier missing, defaults to 'int' [-Wimplicit-int] static __u64 (* const bpf_ktime_get_ns)(void) = (void *) 5; ~~~~~~ ^ /root/rpmbuild/BUILD/safeguard/output/bpf/bpf_helper_defs.h:114:14: error: function cannot return function type 'int (void)' static __u64 (* const bpf_ktime_get_ns)(void) = (void *) 5; ^ /root/rpmbuild/BUILD/safeguard/output/bpf/bpf_helper_defs.h:177:57: error: unknown type name '__u32' static long (* const bpf_trace_printk)(const char *fmt, __u32 fmt_size, ...) = (void *) 6; ^ /root/rpmbuild/BUILD/safeguard/output/bpf/bpf_helper_defs.h:193:23: warning: type specifier missing, defaults to 'int' [-Wimplicit-int] static __u32 (* const bpf_get_prandom_u32)(void) = (void *) 7; ^ /root/rpmbuild/BUILD/safeguard/output/bpf/bpf_helper_defs.h:193:8: warning: type specifier missing, defaults to 'int' [-Wimplicit-int] static __u32 (* const bpf_get_prandom_u32)(void) = (void *) 7; ~~~~~~ ^ /root/rpmbuild/BUILD/safeguard/output/bpf/bpf_helper_defs.h:193:14: error: function cannot return function type 'int (void)' static __u32 (* const bpf_get_prandom_u32)(void) = (void *) 7; ^ /root/rpmbuild/BUILD/safeguard/output/bpf/bpf_helper_defs.h:206:23: warning: type specifier missing, defaults to 'int' [-Wimplicit-int] static __u32 (* const bpf_get_smp_processor_id)(void) = (void *) 8; ^ /root/rpmbuild/BUILD/safeguard/output/bpf/bpf_helper_defs.h:206:8: warning: type specifier missing, defaults to 'int' [-Wimplicit-int] static __u32 (* const bpf_get_smp_processor_id)(void) = (void *) 8; ~~~~~~ ^ /root/rpmbuild/BUILD/safeguard/output/bpf/bpf_helper_defs.h:206:14: error: function cannot return function type 'int (void)' static __u32 (* const bpf_get_smp_processor_id)(void) = (void *) 8; ^ /root/rpmbuild/BUILD/safeguard/output/bpf/bpf_helper_defs.h:227:66: error: unknown type name '__u32' static long (* const bpf_skb_store_bytes)(struct __sk_buff *skb, __u32 offset, const void *from, __u32 len, __u64 flags) = (void *) 9; ^ /root/rpmbuild/BUILD/safeguard/output/bpf/bpf_helper_defs.h:227:98: error: unknown type name '__u32' static long (* const bpf_skb_store_bytes)(struct __sk_buff *skb, __u32 offset, const void *from, __u32 len, __u64 flags) = (void *) 9; ^ /root/rpmbuild/BUILD/safeguard/output/bpf/bpf_helper_defs.h:227:109: error: unknown type name '__u64' static long (* const bpf_skb_store_bytes)(struct __sk_buff *skb, __u32 offset, const void *from, __u32 len, __u64 flags) = (void *) 9; ^ /root/rpmbuild/BUILD/safeguard/output/bpf/bpf_helper_defs.h:256:66: error: unknown type name '__u32' static long (* const bpf_l3_csum_replace)(struct __sk_buff *skb, __u32 offset, __u64 from, __u64 to, __u64 size) = (void *) 10; ^ /root/rpmbuild/BUILD/safeguard/output/bpf/bpf_helper_defs.h:256:80: error: unknown type name '__u64' static long (* const bpf_l3_csum_replace)(struct __sk_buff *skb, __u32 offset, __u64 from, __u64 to, __u64 size) = (void *) 10; ^ /root/rpmbuild/BUILD/safeguard/output/bpf/bpf_helper_defs.h:256:92: error: unknown type name '__u64' static long (* const bpf_l3_csum_replace)(struct __sk_buff *skb, __u32 offset, __u64 from, __u64 to, __u64 size) = (void *) 10; ^ /root/rpmbuild/BUILD/safeguard/output/bpf/bpf_helper_defs.h:256:102: error: unknown type name '__u64' static long (* const bpf_l3_csum_replace)(struct __sk_buff *skb, __u32 offset, __u64 from, __u64 to, __u64 size) = (void *) 10; ^ /root/rpmbuild/BUILD/safeguard/output/bpf/bpf_helper_defs.h:292:66: error: unknown type name '__u32' static long (* const bpf_l4_csum_replace)(struct __sk_buff *skb, __u32 offset, __u64 from, __u64 to, __u64 flags) = (void *) 11; ^ /root/rpmbuild/BUILD/safeguard/output/bpf/bpf_helper_defs.h:292:80: error: unknown type name '__u64' static long (* const bpf_l4_csum_replace)(struct __sk_buff *skb, __u32 offset, __u64 from, __u64 to, __u64 flags) = (void *) 11; ^ /root/rpmbuild/BUILD/safeguard/output/bpf/bpf_helper_defs.h:292:92: error: unknown type name '__u64' static long (* const bpf_l4_csum_replace)(struct __sk_buff *skb, __u32 offset, __u64 from, __u64 to, __u64 flags) = (void *) 11; ^ /root/rpmbuild/BUILD/safeguard/output/bpf/bpf_helper_defs.h:292:102: error: unknown type name '__u64' static long (* const bpf_l4_csum_replace)(struct __sk_buff *skb, __u32 offset, __u64 from, __u64 to, __u64 flags) = (void *) 11; ^ /root/rpmbuild/BUILD/safeguard/output/bpf/bpf_helper_defs.h:327:70: error: unknown type name '__u32' static long (* const bpf_tail_call)(void *ctx, void *prog_array_map, __u32 index) = (void *) 12; ^ /root/rpmbuild/BUILD/safeguard/output/bpf/bpf_helper_defs.h:357:65: error: unknown type name '__u32' static long (* const bpf_clone_redirect)(struct __sk_buff *skb, __u32 ifindex, __u64 flags) = (void *) 13; ^ fatal error: too many errors emitted, stopping now [-ferror-limit=] 6 warnings and 20 errors generated. make[1]: *** [Makefile:40: pkg/bpf/bytecode/restricted-network.bpf.o] Error 1 make[1]: Leaving directory '/root/rpmbuild/BUILD/safeguard' error: Bad exit status from /var/tmp/rpm-tmp.ftEOI3 (%build) ``` 2. 移除未使用的spec依赖 ``` + cd /root/rpmbuild/BUILD + '[' /root/rpmbuild/BUILDROOT/safeguard-2.0-2.x86_64 '!=' / ']' + rm -rf /root/rpmbuild/BUILDROOT/safeguard-2.0-2.x86_64 ++ dirname /root/rpmbuild/BUILDROOT/safeguard-2.0-2.x86_64 + mkdir -p /root/rpmbuild/BUILDROOT + mkdir /root/rpmbuild/BUILDROOT/safeguard-2.0-2.x86_64 + cd safeguard + mkdir -p /root/rpmbuild/BUILDROOT/safeguard-2.0-2.x86_64/usr/bin + mkdir -p /root/rpmbuild/BUILDROOT/safeguard-2.0-2.x86_64/etc/safeguard + cp -a build/safeguard /root/rpmbuild/BUILDROOT/safeguard-2.0-2.x86_64/usr/bin/ + cp -a config/safeguard.yml /root/rpmbuild/BUILDROOT/safeguard-2.0-2.x86_64/etc/safeguard/ + /usr/lib/rpm/check-buildroot + /usr/lib/rpm/brp-ldconfig + /usr/lib/rpm/brp-compress + /usr/lib/rpm/brp-strip /usr/bin/strip + /usr/lib/rpm/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump + /usr/lib/rpm/brp-strip-static-archive /usr/bin/strip + /usr/lib/rpm/brp-python-bytecompile /usr/bin/python 1 1 + /usr/lib/rpm/brp-python-hardlink Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.iFusHu + umask 022 + cd /root/rpmbuild/BUILD + cd safeguard + RPM_EC=0 ++ jobs -p + exit 0 error: Bad file: /root/rpmbuild/SOURCES/v2.0.tar.gz: No such file or directory RPM build errors: Bad file: /root/rpmbuild/SOURCES/v2.0.tar.gz: No such file or directory make: *** [Makefile:107: rpmbuild] Error 1 [root@openeuler2203ltssp1 youyifeng-safeguard.git]# ``` 3. 修改makefile,添加rpmbuild子命令用于构建rpm包 ``` [root@openeuler2203ltssp1 youyifeng-safeguard.git]# make rpmbuild which rpmbuild || sudo yum install rpm-build -y /usr/bin/rpmbuild mkdir -p ~/rpmbuild/{SPECS,SOURCES} cp safeguard.spec ~/rpmbuild/SPECS/ tar --transform "s/^\./safeguard/" -zcvf ~/rpmbuild/SOURCES/safeguard-2.0.tar.gz . ./ ./docs/ ./docs/dev-route.jpeg ./docs/use-cases/ ./docs/use-cases/prevent-container-breakout.md ./docs/use-cases/prevent-supply-chain-attack-and-hardening-github-actions.md ./docs/use-cases/prevent-ssrf.md ./docs/architecture.png ./docs/architecture0.jpeg ./docs/getting-started/ ./docs/getting-started/quickstart.md ./docs/getting-started/overview.md ./docs/getting-started/installation.md ./docs/index.md ./docs/configuration/ ./docs/configuration/configuration.md ./docs/configuration/mount-restriction/ ./docs/configuration/mount-restriction/configuration.md ./docs/configuration/mount-restriction/examples.md ./docs/configuration/network-restriction/ ./docs/configuration/network-restriction/configuration.md ./docs/configuration/network-restriction/examples.md ./docs/configuration/process-restriction/ ./docs/configuration/process-restriction/configuration.md ./docs/configuration/process-restriction/examples.md ./docs/configuration/dns_proxy.md ./docs/configuration/file-access-restriction/ ./docs/configuration/file-access-restriction/configuration.md ./docs/configuration/file-access-restriction/examples.md ./docs/development/ ./docs/development/build.md ./docs/development/setup.md ./README.en.md ./Vagrantfile ./.gitmodules ./INSTALL.md ./.gitignore ./README.md ./pkg/ ./pkg/audit/ ./pkg/audit/app.go ./pkg/audit/fileaccess/ ./pkg/audit/fileaccess/audit_test.go ./pkg/audit/fileaccess/manager_test.go ./pkg/audit/fileaccess/audit.go ./pkg/audit/fileaccess/manager.go ./pkg/audit/mount/ ./pkg/audit/mount/audit_test.go ./pkg/audit/mount/manager_test.go ./pkg/audit/mount/audit.go ./pkg/audit/mount/manager.go ./pkg/audit/helpers/ ./pkg/audit/helpers/helpers_test.go ./pkg/audit/helpers/helpers.go ./pkg/audit/network/ ./pkg/audit/network/helper.go ./pkg/audit/network/audit_test.go ./pkg/audit/network/dnsproxy.go ./pkg/audit/network/fqdn_test.go ./pkg/audit/network/fqdn.go ./pkg/audit/network/manager_test.go ./pkg/audit/network/audit.go ./pkg/audit/network/manager.go ./pkg/audit/process/ ./pkg/audit/process/audit_test.go ./pkg/audit/process/manager_test.go ./pkg/audit/process/audit.go ./pkg/audit/process/manager.go ./pkg/log/ ./pkg/log/logger.go ./pkg/utils/ ./pkg/utils/compatible.go ./pkg/config/ ./pkg/config/config_test.go ./pkg/config/config.go ./pkg/bpf/ ./pkg/bpf/bpf_helper.go ./pkg/bpf/c/ ./pkg/bpf/c/restricted-file.bpf.c ./pkg/bpf/c/common_structs.h ./pkg/bpf/c/restricted_network_structs.h ./pkg/bpf/c/restricted-process.bpf.c ./pkg/bpf/c/restricted-network.bpf.c ./pkg/bpf/c/restricted-mount.bpf.c ./pkg/bpf/LICENSE.md ./go.sum ./go.mod ./libbpf/ ./libbpf/src/ ./libbpf/src/libbpf.map ./libbpf/src/libbpf.c ./libbpf/src/relo_core.c ./libbpf/src/strset.h ./libbpf/src/bpf_helper_defs.h ./libbpf/src/hashmap.h ./libbpf/src/.gitignore ./libbpf/src/ringbuf.c ./libbpf/src/nlattr.h ./libbpf/src/libbpf.pc.template ./libbpf/src/features.c ./libbpf/src/btf_dump.c ./libbpf/src/libbpf_common.h ./libbpf/src/bpf_prog_linfo.c ./libbpf/src/libbpf_version.h ./libbpf/src/elf.c ./libbpf/src/hashmap.c ./libbpf/src/bpf_tracing.h ./libbpf/src/bpf_core_read.h ./libbpf/src/libbpf_probes.c ./libbpf/src/btf.h ./libbpf/src/nlattr.c ./libbpf/src/libbpf_legacy.h ./libbpf/src/libbpf.h ./libbpf/src/bpf.h ./libbpf/src/Makefile ./libbpf/src/usdt.c ./libbpf/src/str_error.h ./libbpf/src/skel_internal.h ./libbpf/src/bpf_helpers.h ./libbpf/src/zip.h ./libbpf/src/libbpf_internal.h ./libbpf/src/bpf.c ./libbpf/src/strset.c ./libbpf/src/netlink.c ./libbpf/src/usdt.bpf.h ./libbpf/src/relo_core.h ./libbpf/src/bpf_gen_internal.h ./libbpf/src/libbpf_errno.c ./libbpf/src/str_error.c ./libbpf/src/btf.c ./libbpf/src/linker.c ./libbpf/src/bpf_endian.h ./libbpf/src/gen_loader.c ./libbpf/src/zip.c ./libbpf/assets/ ./libbpf/assets/libbpf-logo-compact-mono.png ./libbpf/assets/libbpf-logo-sparse-darkbg.png ./libbpf/assets/libbpf-logo-sideways-mono.png ./libbpf/assets/libbpf-logo-sparse-mono.png ./libbpf/assets/libbpf-logo-sideways-darkbg.png ./libbpf/assets/libbpf-logo-sideways.png ./libbpf/assets/libbpf-logo-compact-darkbg.png ./libbpf/assets/libbpf-logo-sparse.png ./libbpf/assets/libbpf-logo-compact.png ./libbpf/LICENSE.BSD-2-Clause ./libbpf/docs/ ./libbpf/docs/libbpf_overview.rst ./libbpf/docs/.gitignore ./libbpf/docs/libbpf_naming_convention.rst ./libbpf/docs/index.rst ./libbpf/docs/libbpf_build.rst ./libbpf/docs/program_types.rst ./libbpf/docs/conf.py ./libbpf/docs/sphinx/ ./libbpf/docs/sphinx/requirements.txt ./libbpf/docs/sphinx/Makefile ./libbpf/docs/sphinx/doxygen/ ./libbpf/docs/sphinx/doxygen/Doxyfile ./libbpf/docs/api.rst ./libbpf/CHECKPOINT-COMMIT ./libbpf/fuzz/ ./libbpf/fuzz/bpf-object-fuzzer_seed_corpus.zip ./libbpf/fuzz/bpf-object-fuzzer.c ./libbpf/README.md ./libbpf/scripts/ ./libbpf/scripts/build-fuzzers.sh ./libbpf/scripts/sync-kernel.sh ./libbpf/scripts/coverity.sh ./libbpf/ci/ ./libbpf/ci/vmtest/ ./libbpf/ci/vmtest/configs/ ./libbpf/ci/vmtest/configs/ALLOWLIST-4.9.0 ./libbpf/ci/vmtest/configs/DENYLIST-latest.s390x ./libbpf/ci/vmtest/configs/ALLOWLIST-5.5.0 ./libbpf/ci/vmtest/configs/DENYLIST ./libbpf/ci/vmtest/configs/DENYLIST-5.5.0 ./libbpf/ci/vmtest/configs/DENYLIST-latest ./libbpf/ci/vmtest/helpers.sh ./libbpf/ci/vmtest/run_selftests.sh ./libbpf/ci/managers/ ./libbpf/ci/managers/test_compile.sh ./libbpf/ci/managers/debian.sh ./libbpf/ci/managers/ubuntu.sh ./libbpf/ci/managers/travis_wait.bash ./libbpf/ci/diffs/ ./libbpf/ci/diffs/.keep ./libbpf/ci/diffs/0002-xdp-bonding-Fix-feature-flags-when-there-are-no-slav.patch ./libbpf/SYNC.md ./libbpf/LICENSE ./libbpf/BPF-CHECKPOINT-COMMIT ./libbpf/LICENSE.LGPL-2.1 ./libbpf/include/ ./libbpf/include/uapi/ ./libbpf/include/uapi/linux/ ./libbpf/include/uapi/linux/openat2.h ./libbpf/include/uapi/linux/if_link.h ./libbpf/include/uapi/linux/netdev.h ./libbpf/include/uapi/linux/pkt_cls.h ./libbpf/include/uapi/linux/perf_event.h ./libbpf/include/uapi/linux/fcntl.h ./libbpf/include/uapi/linux/netlink.h ./libbpf/include/uapi/linux/btf.h ./libbpf/include/uapi/linux/bpf.h ./libbpf/include/uapi/linux/pkt_sched.h ./libbpf/include/uapi/linux/bpf_common.h ./libbpf/include/uapi/linux/if_xdp.h ./libbpf/include/linux/ ./libbpf/include/linux/filter.h ./libbpf/include/linux/types.h ./libbpf/include/linux/compiler.h ./libbpf/include/linux/err.h ./libbpf/include/linux/list.h ./libbpf/include/linux/ring_buffer.h ./libbpf/include/linux/kernel.h ./libbpf/include/linux/overflow.h ./libbpf/include/asm/ ./libbpf/include/asm/barrier.h ./tools/ ./tools/load_bpf.c ./Makefile ./safeguard.spec ./testdata/ ./testdata/block_v4.yml ./testdata/monitor_domain_v4.yml ./testdata/monitor_domain_v6.yml ./testdata/fileaccess/ ./testdata/fileaccess/allow_all.yml ./testdata/monitor_v6.yml ./testdata/gid_allow.yml ./testdata/block_v6.yml ./testdata/container.yml ./testdata/docker-compose.yml ./testdata/command_allow.yml ./testdata/monitor_v4.yml ./testdata/command_deny.yml ./testdata/block_domain_v6.yml ./testdata/uid_allow.yml ./testdata/block_domain_v4.yml ./LICENSE ./config/ ./config/safeguard2403.yml ./config/example.yml ./config/sample.yaml ./config/container.yaml ./config/monitor.yaml ./config/block.yaml ./config/safeguard2203.yml ./config/safeguard.yml ./cmd/ ./cmd/safeguard/ ./cmd/safeguard/safeguard.go ./.git/ ./.git/ORIG_HEAD ./.git/HEAD ./.git/branches/ ./.git/description ./.git/info/ ./.git/info/exclude ./.git/COMMIT_EDITMSG ./.git/hooks/ ./.git/hooks/post-update.sample ./.git/hooks/pre-commit.sample ./.git/hooks/commit-msg.sample ./.git/hooks/pre-applypatch.sample ./.git/hooks/update.sample ./.git/hooks/prepare-commit-msg.sample ./.git/hooks/pre-receive.sample ./.git/hooks/fsmonitor-watchman.sample ./.git/hooks/pre-push.sample ./.git/hooks/applypatch-msg.sample ./.git/hooks/pre-rebase.sample ./.git/hooks/pre-merge-commit.sample ./.git/hooks/push-to-checkout.sample ./.git/refs/ ./.git/refs/heads/ ./.git/refs/heads/master ./.git/refs/tags/ ./.git/refs/remotes/ ./.git/refs/remotes/origin/ ./.git/refs/remotes/origin/HEAD ./.git/refs/remotes/origin/fix_spec ./.git/refs/remotes/origin/master ./.git/refs/remotes/origin/fix_df ./.git/FETCH_HEAD ./.git/modules/ ./.git/logs/ ./.git/logs/HEAD ./.git/logs/refs/ ./.git/logs/refs/heads/ ./.git/logs/refs/heads/master ./.git/logs/refs/remotes/ ./.git/logs/refs/remotes/origin/ ./.git/logs/refs/remotes/origin/HEAD ./.git/logs/refs/remotes/origin/fix_spec ./.git/logs/refs/remotes/origin/master ./.git/logs/refs/remotes/origin/fix_df ./.git/objects/ ./.git/objects/d6/ ./.git/objects/d6/7755edd3312fdee41110952b95fd8837a2a153 ./.git/objects/94/ ./.git/objects/94/76dc081f26ec2a7333b47af7d80ec61da274cc ./.git/objects/pack/ ./.git/objects/pack/pack-ca6ca1a9ce6ee14e7ccbbb25ea0a598336c5ccc8.idx ./.git/objects/pack/pack-ca6ca1a9ce6ee14e7ccbbb25ea0a598336c5ccc8.pack ./.git/objects/db/ ./.git/objects/db/b8c76fa25061fe424a029668161533a9a46ce4 ./.git/objects/05/ ./.git/objects/05/688482c068c655d310707ec6df97c1529b9555 ./.git/objects/06/ ./.git/objects/06/0bc6278e1f8e38d088e4f1675e1c8aed41de70 ./.git/objects/info/ ./.git/objects/e0/ ./.git/objects/e0/496497711fcbe4c248f36ee1c7a4422db3613a ./.git/objects/03/ ./.git/objects/03/403c5669a26d67c802d42f9370c8593345f3f7 ./.git/objects/da/ ./.git/objects/da/1b83f656469eac3b4ae435aa6ff4975c195023 ./.git/objects/f1/ ./.git/objects/f1/8a6ffdbb767cd987aeea56bba2397886de5020 ./.git/objects/42/ ./.git/objects/42/5ad4b50d6f3e3bb7cc0d9a737ea2d20f69e11c ./.git/objects/69/ ./.git/objects/69/1085d57da2cc9e0cb5a3b8324395fd9a40f9b6 ./.git/objects/78/ ./.git/objects/78/fb14018d5f1ace1a993648edaddeda0e76f1ae ./.git/config ./.git/packed-refs ./.git/index cd ~/rpmbuild && sudo yum builddep -y SPECS/safeguard.spec && rpmbuild -ba SPECS/safeguard.spec Last metadata expiration check: 0:39:04 ago on Mon 12 May 2025 10:19:51 PM CST. Package bpftool-6.8.0-2.oe2203sp1.x86_64 is already installed. Package clang-12.0.1-4.oe2203sp1.x86_64 is already installed. Package elfutils-devel-0.185-17.oe2203sp1.x86_64 is already installed. Package gcc-10.3.1-28.oe2203sp1.x86_64 is already installed. Package golang-1.17.3-37.oe2203sp1.x86_64 is already installed. Package llvm-12.0.1-7.oe2203sp1.x86_64 is already installed. Package zlib-devel-1.2.11-24.oe2203sp1.x86_64 is already installed. Dependencies resolved. Nothing to do. Complete! Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.seRWQp + umask 022 + cd /root/rpmbuild/BUILD + cd /root/rpmbuild/BUILD + rm -rf safeguard + /usr/bin/gzip -dc /root/rpmbuild/SOURCES/safeguard-2.0.tar.gz + /usr/bin/tar -xof - + STATUS=0 + '[' 0 -ne 0 ']' + cd safeguard + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w . + RPM_EC=0 ++ jobs -p + exit 0 Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.09xzYu + umask 022 + cd /root/rpmbuild/BUILD + cd safeguard + export GO111MODULE=on + GO111MODULE=on + export GOPROXY=https://goproxy.cn,direct + GOPROXY=https://goproxy.cn,direct + make build make[1]: Entering directory '/root/rpmbuild/BUILD/safeguard' CC="gcc" CFLAGS="-g -O2 -Wall -fpie" \ make -C /root/rpmbuild/BUILD/safeguard/libbpf/src \ OBJDIR=/root/rpmbuild/BUILD/safeguard/output/libbpf \ DESTDIR=/root/rpmbuild/BUILD/safeguard/output \ INCLUDEDIR= LIBDIR= UAPIDIR= install make[2]: Entering directory '/root/rpmbuild/BUILD/safeguard/libbpf/src' MKDIR /root/rpmbuild/BUILD/safeguard/output/libbpf/staticobjs CC /root/rpmbuild/BUILD/safeguard/output/libbpf/staticobjs/bpf.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/staticobjs/btf.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/staticobjs/libbpf.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/staticobjs/libbpf_errno.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/staticobjs/netlink.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/staticobjs/nlattr.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/staticobjs/str_error.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/staticobjs/libbpf_probes.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/staticobjs/bpf_prog_linfo.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/staticobjs/btf_dump.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/staticobjs/hashmap.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/staticobjs/ringbuf.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/staticobjs/strset.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/staticobjs/linker.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/staticobjs/gen_loader.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/staticobjs/relo_core.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/staticobjs/usdt.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/staticobjs/zip.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/staticobjs/elf.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/staticobjs/features.o AR /root/rpmbuild/BUILD/safeguard/output/libbpf/libbpf.a MKDIR /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/bpf.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/btf.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/libbpf.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/libbpf_errno.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/netlink.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/nlattr.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/str_error.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/libbpf_probes.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/bpf_prog_linfo.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/btf_dump.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/hashmap.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/ringbuf.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/strset.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/linker.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/gen_loader.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/relo_core.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/usdt.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/zip.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/elf.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/sharedobjs/features.o CC /root/rpmbuild/BUILD/safeguard/output/libbpf/libbpf.so.1.4.6 INSTALL bpf.h libbpf.h btf.h libbpf_common.h libbpf_legacy.h bpf_helpers.h bpf_helper_defs.h bpf_tracing.h bpf_endian.h bpf_core_read.h skel_internal.h libbpf_version.h usdt.bpf.h INSTALL /root/rpmbuild/BUILD/safeguard/output/libbpf/libbpf.pc INSTALL /root/rpmbuild/BUILD/safeguard/output/libbpf/libbpf.a /root/rpmbuild/BUILD/safeguard/output/libbpf/libbpf.so /root/rpmbuild/BUILD/safeguard/output/libbpf/libbpf.so.1 /root/rpmbuild/BUILD/safeguard/output/libbpf/libbpf.so.1.4.6 make[2]: Leaving directory '/root/rpmbuild/BUILD/safeguard/libbpf/src' mkdir -p pkg/bpf/bytecode mkdir -p build clang -g -O2 -target bpf -D__TARGET_ARCH_x86 -I/root/rpmbuild/BUILD/safeguard/output `shell -v -E - </dev/null 2>&1 | sed -n '/<...> search starts here:/,/End of search list./{ s| \(/.*\)|-idirafter \1|p }'` -E pkg/bpf/c/restricted-network.bpf.c -o "pkg/bpf/bytecode/restricted-network.bpf.o.i" clang -g -O2 -target bpf -D__TARGET_ARCH_x86 -I/root/rpmbuild/BUILD/safeguard/output `shell -v -E - </dev/null 2>&1 | sed -n '/<...> search starts here:/,/End of search list./{ s| \(/.*\)|-idirafter \1|p }'` -c pkg/bpf/c/restricted-network.bpf.c -o pkg/bpf/bytecode/restricted-network.bpf.o /usr/bin/llvm-strip -g pkg/bpf/bytecode/restricted-network.bpf.o # strip useless DWARF info clang -g -O2 -target bpf -D__TARGET_ARCH_x86 -I/root/rpmbuild/BUILD/safeguard/output `shell -v -E - </dev/null 2>&1 | sed -n '/<...> search starts here:/,/End of search list./{ s| \(/.*\)|-idirafter \1|p }'` -E pkg/bpf/c/restricted-file.bpf.c -o "pkg/bpf/bytecode/restricted-file.bpf.o.i" clang -g -O2 -target bpf -D__TARGET_ARCH_x86 -I/root/rpmbuild/BUILD/safeguard/output `shell -v -E - </dev/null 2>&1 | sed -n '/<...> search starts here:/,/End of search list./{ s| \(/.*\)|-idirafter \1|p }'` -c pkg/bpf/c/restricted-file.bpf.c -o pkg/bpf/bytecode/restricted-file.bpf.o /usr/bin/llvm-strip -g pkg/bpf/bytecode/restricted-file.bpf.o # strip useless DWARF info clang -g -O2 -target bpf -D__TARGET_ARCH_x86 -I/root/rpmbuild/BUILD/safeguard/output `shell -v -E - </dev/null 2>&1 | sed -n '/<...> search starts here:/,/End of search list./{ s| \(/.*\)|-idirafter \1|p }'` -E pkg/bpf/c/restricted-mount.bpf.c -o "pkg/bpf/bytecode/restricted-mount.bpf.o.i" clang -g -O2 -target bpf -D__TARGET_ARCH_x86 -I/root/rpmbuild/BUILD/safeguard/output `shell -v -E - </dev/null 2>&1 | sed -n '/<...> search starts here:/,/End of search list./{ s| \(/.*\)|-idirafter \1|p }'` -c pkg/bpf/c/restricted-mount.bpf.c -o pkg/bpf/bytecode/restricted-mount.bpf.o /usr/bin/llvm-strip -g pkg/bpf/bytecode/restricted-mount.bpf.o # strip useless DWARF info clang -g -O2 -target bpf -D__TARGET_ARCH_x86 -I/root/rpmbuild/BUILD/safeguard/output `shell -v -E - </dev/null 2>&1 | sed -n '/<...> search starts here:/,/End of search list./{ s| \(/.*\)|-idirafter \1|p }'` -E pkg/bpf/c/restricted-process.bpf.c -o "pkg/bpf/bytecode/restricted-process.bpf.o.i" clang -g -O2 -target bpf -D__TARGET_ARCH_x86 -I/root/rpmbuild/BUILD/safeguard/output `shell -v -E - </dev/null 2>&1 | sed -n '/<...> search starts here:/,/End of search list./{ s| \(/.*\)|-idirafter \1|p }'` -c pkg/bpf/c/restricted-process.bpf.c -o pkg/bpf/bytecode/restricted-process.bpf.o /usr/bin/llvm-strip -g pkg/bpf/bytecode/restricted-process.bpf.o # strip useless DWARF info CGO_CFLAGS="-I/root/rpmbuild/BUILD/safeguard/output" CGO_LDFLAGS="-lelf -lz /root/rpmbuild/BUILD/safeguard/output/libbpf.a" go build -tags netgo -ldflags "-w -s" -o build/safeguard cmd/safeguard/safeguard.go make[1]: Leaving directory '/root/rpmbuild/BUILD/safeguard' + RPM_EC=0 ++ jobs -p + exit 0 Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.AfrHO5 + umask 022 + cd /root/rpmbuild/BUILD + '[' /root/rpmbuild/BUILDROOT/safeguard-2.0-2.x86_64 '!=' / ']' + rm -rf /root/rpmbuild/BUILDROOT/safeguard-2.0-2.x86_64 ++ dirname /root/rpmbuild/BUILDROOT/safeguard-2.0-2.x86_64 + mkdir -p /root/rpmbuild/BUILDROOT + mkdir /root/rpmbuild/BUILDROOT/safeguard-2.0-2.x86_64 + cd safeguard + mkdir -p /root/rpmbuild/BUILDROOT/safeguard-2.0-2.x86_64/usr/bin + mkdir -p /root/rpmbuild/BUILDROOT/safeguard-2.0-2.x86_64/etc/safeguard + cp -a build/safeguard /root/rpmbuild/BUILDROOT/safeguard-2.0-2.x86_64/usr/bin/ + cp -a config/safeguard.yml /root/rpmbuild/BUILDROOT/safeguard-2.0-2.x86_64/etc/safeguard/ + /usr/lib/rpm/check-buildroot + /usr/lib/rpm/brp-ldconfig + /usr/lib/rpm/brp-compress + /usr/lib/rpm/brp-strip /usr/bin/strip + /usr/lib/rpm/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump + /usr/lib/rpm/brp-strip-static-archive /usr/bin/strip + /usr/lib/rpm/brp-python-bytecompile /usr/bin/python 1 1 + /usr/lib/rpm/brp-python-hardlink Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.s8RTjd + umask 022 + cd /root/rpmbuild/BUILD + cd safeguard + RPM_EC=0 ++ jobs -p + exit 0 Processing files: safeguard-2.0-2.x86_64 Executing(%doc): /bin/sh -e /var/tmp/rpm-tmp.ty2hKQ + umask 022 + cd /root/rpmbuild/BUILD + cd safeguard + DOCDIR=/root/rpmbuild/BUILDROOT/safeguard-2.0-2.x86_64/usr/share/doc/safeguard + export LC_ALL=C + LC_ALL=C + export DOCDIR + /usr/bin/mkdir -p /root/rpmbuild/BUILDROOT/safeguard-2.0-2.x86_64/usr/share/doc/safeguard + cp -pr README.md /root/rpmbuild/BUILDROOT/safeguard-2.0-2.x86_64/usr/share/doc/safeguard + RPM_EC=0 ++ jobs -p + exit 0 Executing(%license): /bin/sh -e /var/tmp/rpm-tmp.4ZQkF6 + umask 022 + cd /root/rpmbuild/BUILD + cd safeguard + LICENSEDIR=/root/rpmbuild/BUILDROOT/safeguard-2.0-2.x86_64/usr/share/licenses/safeguard + export LC_ALL=C + LC_ALL=C + export LICENSEDIR + /usr/bin/mkdir -p /root/rpmbuild/BUILDROOT/safeguard-2.0-2.x86_64/usr/share/licenses/safeguard + cp -pr LICENSE /root/rpmbuild/BUILDROOT/safeguard-2.0-2.x86_64/usr/share/licenses/safeguard + RPM_EC=0 ++ jobs -p + exit 0 Provides: safeguard = 2.0-2 safeguard(x86-64) = 2.0-2 Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.14)(64bit) libc.so.6(GLIBC_2.17)(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libc.so.6(GLIBC_2.22)(64bit) libc.so.6(GLIBC_2.28)(64bit) libc.so.6(GLIBC_2.3)(64bit) libc.so.6(GLIBC_2.3.2)(64bit) libc.so.6(GLIBC_2.3.4)(64bit) libc.so.6(GLIBC_2.32)(64bit) libc.so.6(GLIBC_2.34)(64bit) libc.so.6(GLIBC_2.4)(64bit) libc.so.6(GLIBC_2.7)(64bit) libc.so.6(GLIBC_2.9)(64bit) libelf.so.1()(64bit) libelf.so.1(ELFUTILS_1.0)(64bit) libelf.so.1(ELFUTILS_1.3)(64bit) libelf.so.1(ELFUTILS_1.5)(64bit) libelf.so.1(ELFUTILS_1.6)(64bit) libz.so.1()(64bit) libz.so.1(ZLIB_1.2.3.3)(64bit) rtld(GNU_HASH) Checking for unpackaged file(s): /usr/lib/rpm/check-files /root/rpmbuild/BUILDROOT/safeguard-2.0-2.x86_64 Wrote: /root/rpmbuild/SRPMS/safeguard-2.0-2.src.rpm Wrote: /root/rpmbuild/RPMS/x86_64/safeguard-2.0-2.x86_64.rpm Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.ysS8zs + umask 022 + cd /root/rpmbuild/BUILD + cd safeguard + /usr/bin/rm -rf /root/rpmbuild/BUILDROOT/safeguard-2.0-2.x86_64 + RPM_EC=0 ++ jobs -p + exit 0 [root@openeuler2203ltssp1 youyifeng-safeguard.git]# ``` 测试验证,rpm构建成功。
此 Pull Request 需要通过一些审核项
类型
指派人员
状态
审查
openeuler-ci-bot
进行中
(0/1人)
测试
openeuler-ci-bot
进行中
(0/1人)
此 Pull Request 暂不能合并,一些审核尚未通过
怎样手动合并此 Pull Request
git checkout master
git pull https://gitee.com/youyifeng/safeguard.git master
git push origin master
评论
1
提交
1
文件
2
检查
代码问题
0
批量操作
展开设置
折叠设置
审查
Code Owner
审查人员
leon wang
wonleing
luzhihao
MrRlu
weiyj
weiyj_lk
胡亚弟
huyd12
Tongyx
tongyx633
ylsong
songyanling
yuelg
bigclouds99
happyseeker
happyseeker
李韶雄
otank
Qingwei Xu
QingweiXu
openeuler-ci-bot
openeuler-ci-bot
未设置
最少人数
1
测试
leon wang
wonleing
luzhihao
MrRlu
weiyj
weiyj_lk
胡亚弟
huyd12
Tongyx
tongyx633
ylsong
songyanling
yuelg
bigclouds99
happyseeker
happyseeker
李韶雄
otank
Qingwei Xu
QingweiXu
openeuler-ci-bot
openeuler-ci-bot
未设置
最少人数
1
优先级
不指定
严重
主要
次要
不重要
标签
openeuler-cla/yes
sig/sig-ebpf
关联 Issue
未关联
Pull Request 合并后将关闭上述关联 Issue
里程碑
未关联里程碑
合并选项
合并后删除提交分支
提交分支为默认分支,无法删除
合并后关闭提到的 Issue
接受 Pull Request 时使用扁平化(Squash)合并
勾选此选项后,将建议使用 Squash Merge 方式合并以精简提交历史记录
参与者
(2)
Cherry-pick 提交
Cherry-pick 可以将
特定提交(Commit)
从某个分支挑选并应用到另一个分支,实现快速集成特定更改,而无需合并整个分支。
请选择应用 Cherry-pick 提交 (Commit) 的目标分支
新建分支
当前账号不存在 Fork 仓库,建议 cherry-pick 到 Fork 仓库。
Fork 仓库
提交列表
Commit SHA
Commit Message
基于 Cherry-pick 后的分支发起 Pull Request
取消
Cherry-pick
1
https://gitee.com/openeuler/safeguard.git
git@gitee.com:openeuler/safeguard.git
openeuler
safeguard
safeguard
点此查找更多帮助
搜索帮助
Git 命令在线学习
如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
仓库举报
回到顶部
登录提示
该操作需登录 Gitee 帐号,请先登录后再操作。
立即登录
没有帐号,去注册
